User equipment (UE) connectivity in a mobile network is dependent on a functioning control plane of an air interface between UE and an access node such as a base station or (evolved) Node B. The control plane may become overloaded by atypically high signalling load caused by malicious or incorrectly configured UE. This overload condition may in some instances be called a signalling storm. The signalling storm can effectively prevent a large portion of UEs from connecting to an access node affected by the signalling storm. In addition to degrading connectivity, the signalling storm may cause devastating impact for safety-critical communications such as vehicle-to-vehicle communications. With the development of Internet of Things (IoT) concept, more and more machine-type communication devices appear on the market and all of them may not be tested properly and operate erratically.
Signaling storms are non-trivial to mitigate because they congest the control plane of the air interface. The damage to an operator of the system may include service problems such as outage in a small or even a wide area. Baseband operation of the UE is generally considered to be standard-compliant, but this is not necessarily the case. Computer programs executed on the baseband may be susceptible to-malicious use or, in the extreme case, UE may be a rogue radio transmitter implementing only the functions necessary for attacking the mobile network. Proliferation of software defined radio (SDR) technology makes the latter scenario increasingly possible and for attackers more exploitable. In addition to harmful air interface activity by a few non-compliant UEs, it is necessary to consider a case where signaling traffic of a large portion of the UE population increases significantly, e.g. as a result of application level malware infecting UEs.